Date: Sat, 27 Jan 2001 15:12:45 +0900 (JST)
Message-Id: <20010127.151245.71082207.hrs@eos.ocn.ne.jp>
To: doc-jp@jp.freebsd.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <20010123210823.349E837B402@hub.freebsd.org>
References: <20010123210823.349E837B402@hub.freebsd.org>
X-Mailer: Mew version 1.95b97 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Sat_Jan_27_15:12:46_2001_571)--"
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7955
Subject: [doc-jp 7955] Re: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-01:08.ipfw
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@eos.ocn.ne.jp

----Next_Part(Sat_Jan_27_15:12:46_2001_571)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

This is Sato at Tokyo University of Science.

 These are 01:07 through 01:10.


01:07)

 - announce-jp $B$KN.$l$J$+$C$?;]$NCm5-!#(B

01:08)

 - I do not understand the meaning of "overloading of the TCP reserved
   flags" at the beginning.
   (Is this about how ipfw handles things internally?)

   | Due to overloading of the TCP reserved flags field, ipfw and ip6fw
   | incorrectly treat all TCP packets with the ECE flag set as being part
   | of an established TCP connection, which will therefore match a
   | corresponding ipfw rule containing the 'established' qualifier, even
   | if the packet is not part of an established connection.

01:09 [REVISED])

 - Is there a good translation for "keying material"?

   | The greatest security vulnerability is the disclosure of crontab
   | entries owned by other users, which may contain sensitive data such as
   | keying material (although this would often be publicly disclosed
   | anyway at the time when the crontab job executes, via process
   | arguments and environment, etc).

01:10)

 - announce-jp $B$KN.$l$J$+$C$?;]$NCm5-!#(B

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@eos.ocn.ne.jp>
|
| sato@sekine00.ee.noda.sut.ac.jp (UNIV)
| hrs@FreeBSD.org (FreeBSD Project)

----Next_Part(Sat_Jan_27_15:12:46_2001_571)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:07"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:07 (2001-01-23)
 * Multiple XFree86 3.3.6 vulnerabilities
=============================================================================

 This mail is a Japanese translation of the following message, which was
 distributed on announce-jp:

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:07.xfree86
  From: Koga Youichirou <y-koga@jp.freebsd.org>
  Date: Fri, 26 Jan 2001 10:27:57 +0900 (JST)
  Message-Id: <200101260127.f0Q1Rvd46090@koga.do.mms.mt.nec.co.jp>
  X-Sequence: announce-jp 673

  [Note] Due to a mail delivery failure, it was not delivered to
       FreeBSD-announce.  The header information of the original
       document is as follows.

    | Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-01:07.xfree86
    | From: FreeBSD Security Advisories <security-advisories@FREEBSD.ORG>
    | Date: Tue, 23 Jan 2001 13:02:27 -0800
    | Message-Id: <20010123210227.9D86B37B400@hub.freebsd.org>

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-01:07                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	Multiple XFree86 3.3.6 vulnerabilities

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	XFree86-3.3.6, XFree86-aoutlibs
$B9pCNF|(B:		2001-01-23
$B%/%l%8%C%H(B:	Chris Evans <chris@ferret.lmh.ox.ac.uk>
                Michal Zalewski <lcamtuf@tpi.pl>
$B1F6AHO0O(B:	$B=$@5F|0JA0$N(B Ports Collection
$B=$@5F|(B:		2000-10-24 (XFree86-3.3.6)
$B%Y%s%@$NBP1~(B:	XFree86 4.0.1 $B$G$O=$@5:Q$_(B.
                $B%Y%s%@$+$i$O=$@5%Q%C%A$,Ds6!$5$l$F$$$J$$(B.
FreeBSD $B$K8GM-$+(B:	NO


I.   $BGX7J(B - Background

XFree86 is a popular X server.  It exists in three versions in the
FreeBSD ports collection: 3.3.6 and 4.0.2, as well as a.out libraries
based on XFree86 3.3.3.

XFree86 $B$O?M5$$N$"$k(B X $B%5!<%P$N0l$D$G$9(B.  FreeBSD Ports Collection $B$K$O(B,
$B%P!<%8%g%s(B 3.3.6, $B%P!<%8%g%s(B 4.0.2, $B$*$h$S(B XFree86 3.3.3 $B%Y!<%9$N(B
a.out $B%i%$%V%i%j$N(B 3 $B<oN`$,B8:_$7$^$9(B.


II.  $BLdBj$N>\:Y(B - Problem Description

The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple
vulnerabilities that may allow local or remote users to cause a denial
of service attack against a vulnerable X server.  Additionally, local
users may be able to obtain elevated privileges under certain
circumstances.

XFree86-3.3.6 port $B$N%P!<%8%g%s(B 3.3.6_1 $B$h$jA0$N$b$N$K$O(B,
$B%m!<%+%k$*$h$S%j%b!<%H$N%f!<%6$+$i(B, X $B%5!<%P$K%5!<%S%9K832967b(B (DoS) $B$r(B
$B2C$($k$3$H$N$G$-$k$h$&$J%;%-%e%j%F%#>e$N<eE@$,J#?tB8:_$7$^$9(B.
$B$5$i$K%m!<%+%k%f!<%6$O(B, $BFCDj$N>r7o2<$GIT@5$K9b$$8"8B$rF@$k$3$H$,$G$-$k(B
$B2DG=@-$,$"$j$^$9(B.

X server DoS:
  Remote users can, by sending a malformed packet to port 6000 TCP,
  cause the victim's X server to freeze for several minutes. During
  the freeze, the mouse does not move and the screen does not update
  in any way. In addition, the keyboard is unresponsive, including
  console-switch and kill-server key combinations. Non-X processes,
  such as remote command-line logins and non-X applications, are
  unaffected by the freeze.

X $B%5!<%P$X$N%5!<%S%9K832967b(B:

  $B%j%b!<%H%f!<%6$OIT@5$J%Q%1%C%H$r(B TCP $B%]!<%H$N(B 6000 $BHV$KAw$j(B,
  X $B%5!<%P$r?tJ,4VDd;_$5$;$k$3$H$,$G$-$^$9(B.  $B%5!<%P$,Dd;_$7$F$$$k4V$O(B
  $B%^%&%9%+!<%=%k$N0\F0$d2hLL$N=q$-49$($,0l@Z9T$J$o$l$J$/$J$j(B,
  $B%3%s%=!<%k%9%$%C%A$d%5!<%P$rDd;_$5$;$k$?$a$N%7%g!<%H%+%C%H%-!<A`:n$r(B
  $B4^$`%-!<%\!<%IA`:n$K$bH?1~$7$J$/$J$j$^$9(B.  $B$?$@$7(B, $B%j%b!<%H$+$i$N(B
  $B%3%^%s%I%i%$%s%m%0%$%s$J$I(B, X $B$KL54X78$N%W%m%;%9$d(B
  X $B%"%W%j%1!<%7%g%s0J30$N$b$N$O(B, $B$3$N%5!<%PDd;_$N1F6A$r(B
  $B<u$1$k$3$H$O$"$j$^$;$s(B.

Xlib holes:
  Due to various coding flaws in libX11, privileged (setuid/setgid)
  programs linked against libX11 may allow local users to obtain
  elevated privileges.

Xlib $B$N%;%-%e%j%F%#%[!<%k(B:

  $B%m!<%+%k%f!<%6$O(B libX11 $B$r%j%s%/$7$?(B, $B9b$$8"8B$r;}$D(B
  (setuid/setgid $B$5$l$?(B) $B%W%m%0%i%`$rMxMQ$7$F(B,
  $BIT@5$K9b$$8"8B$rF@$k$3$H$,$G$-$k2DG=@-$,$"$j$^$9(B.
  $B$3$l$O(B libX11 $B$NCf$KB8:_$9$k$5$^$6$^$J%3!<%I$N7g4Y$,860x$G$9(B.

libICE DoS:
  Due to inadequate bounds checking in libICE, a denial of service
  exists with any application using libICE to listen on a network port
  for network services.

libICE $B$N%5!<%S%9K832967b(B:

  $B%M%C%H%o!<%/%5!<%S%9$rDs6!$9$k$?$a$K(B libICE $B$r;H$C$F%]!<%H$r(B
  listen $B$7$F$$$k$9$Y$F$N%"%W%j%1!<%7%g%s$O(B, $B%5!<%S%9K832967b$K(B
  $B;/$5$l$k4m81@-$,$"$j$^$9(B.  $B$3$l$O(B libICE $B$,==J,$J(B
  $B%G!<%?6-3&%A%'%C%/(B (bounds checking) $B$r9T$J$C$F$$$J$$$3$H$,860x$G$9(B.

The XFree86-aoutlibs port contains the XFree86 libraries from the
3.3.3 release of XFree86, in a.out format suitable for use with
applications in the legacy a.out binary format, most notably being the
FreeBSD native version of Netscape.  It is unknown whether Netscape is
vulnerable to the problems described in this advisory, but it is believed
that the only potential vulnerability is the libICE denial-of-service
condition described above.

The XFree86-aoutlibs port contains the XFree86 libraries derived from
the 3.3.3 release of XFree86.  These libraries are in a.out binary
format and are used by legacy a.out applications, in particular the
FreeBSD version of Netscape.  It is not known whether Netscape is
affected by the problems described in this security advisory, but even
if there is a risk, it is thought that it will be limited to the
libICE denial of service under the conditions described above.

The XFree86 and XFree86-aoutlibs ports are not installed by default
(although XFree86 is available as an installation option in the
FreeBSD installer), nor are they "part of FreeBSD" as such: they are
part of the FreeBSD ports collection, which contains almost 4500
third-party applications in a ready-to-install format.  The ports
collections shipped with FreeBSD 3.5.1 and 4.1.1 contain these problems
since they were discovered after the releases, but the XFree86 problem
was corrected prior to the release of FreeBSD 4.2.  At the time of
advisory release, the XFree86-aoutlibs port has not been corrected.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

The XFree86 and XFree86-aoutlibs ports are not installed by default,
nor do they form "part of the FreeBSD system" (although XFree86 is
available as an installation option in the FreeBSD installer).  They
are part of the FreeBSD Ports Collection, which holds more than 4500
third-party applications in a form that can be installed right away.
Because the problems were found after the releases, the Ports
Collections shipped with FreeBSD 3.5.1 and 4.1.1 contain these
problems, but the XFree86 problem was corrected before FreeBSD 4.2 was
published.  The fix to the XFree86-aoutlibs port was not yet complete
at the time this security advisory was issued.

FreeBSD makes no particular claim about the security of such
third-party applications (translator's note: the fact that an
application is in the Ports Collection does not mean that the FreeBSD
developers have judged it to be secure).  However, an effort is
currently under way to provide a security audit of the ports that have
a major bearing on security.


III. $B1F6AHO0O(B - Impact

Local or remote users may cause a denial of service attack against an
X server or certain X applications.  Local users may obtain elevated
privileges with certain X applications.

Local and remote users can mount a denial-of-service attack against
the X server or certain X applications.  In addition, local users can
gain elevated privileges illegitimately by using certain
X applications.

If you have not chosen to install the XFree86 3.3.6 port/package or
the XFree86-aoutlibs port/package, or you are running XFree86 4.0.1 or
later, then your system is not vulnerable to this problem.

XFree86 3.3.6 $B$b$7$/$O(B XFree86-aoutlibs $B$N(B port/package $B$r(B
$B%$%s%9%H!<%k$7$F$$$J$$$+(B, XFree86 4.0.1 $B$*$h$S$=$l0J9_$N%P!<%8%g%s$r(B
$B;H$C$F$$$k%7%9%F%`$K$O(B, $B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.


IV.  $B2sHrJ}K!(B - Workaround

Deinstall the XFree86-3.3.6 and XFree86-aoutlibs ports/packages, if
you have installed them.

If the XFree86-3.3.6 and XFree86-aoutlibs ports/packages are
installed, remove all of them from the system.

Note that any statically linked binaries which make use of the
vulnerable XFree86 routines may still be vulnerable to the problems
after deinstallation of the port/package.  However due to the
difficulty of developing a reliable scanning utility for such binaries
no such utility is provided.

$B$?$@$7(B, $B<eE@$r;}$C$?(B XFree86 $B%i%$%V%i%j%k!<%A%s$rMxMQ$7$F(B
$B@EE*$K%j%s%/$5$l$?%P%$%J%j$O$9$Y$F(B, $B3:Ev$9$k(B port/package $B$r(B
$B:o=|$7$?8e$b(B, $B$3$NLdBj$K$h$k<eE@$,;D$C$F$$$k2DG=@-$,$"$k$3$H$K(B
$BCm0U$7$F$/$@$5$$(B.  $B<eE@$N;D$C$F$$$k%P%$%J%j$r8!:w$9$k?.Mj@-$N9b$$(B
$B%f!<%F%#%j%F%#$r3+H/$9$k$3$H$O:$Fq$J$?$a(B, $B$=$&$$$C$?%f!<%F%#%j%F%#$O(B
$BDs6!$5$l$F$$$^$;$s(B.


V.   $B2r7h:v(B - Solution

One of the following:
Follow one of the following.

1) Upgrade your entire ports collection and rebuild the XFree86-3.3.6
port.
1) Upgrade the entire Ports Collection and
   rebuild the XFree86-3.3.6 port.

2) Deinstall the old package and install an XFree86-4.0.2 package
obtained from:
2) Remove the old (translator's note: XFree86-3.3.6) package from the
   system, then obtain an XFree86-4.0.2 package from the following
   location and install it.

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/XFree86-4.0.2_5.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/XFree86-4.0.2_5.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/XFree86-4.0.2_5.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

At present, packages for the alpha architecture are not generated
automatically because of a shortage of machine resources for building.

NOTE: XFree86-3.3.6 packages are no longer made available, only the
newer XFree86-4.0.2 packages.

$BCm0U(B: XFree86-3.3.6 $B$N(B package $B$O(B, $B4{$KB8:_$7$^$;$s(B.
      $BMxMQ$G$-$k$N$O(B, XFree86-4.0.2 $B$N(B package $B$G$9(B.

Note also that the XFree86-aoutlibs port has not yet been fixed: there
is currently no solution to the problem other than removing the
port/package and recompiling any dependent software to use ELF
libraries, or switching to an ELF-based version of the software, if
available (e.g. the BSD/OS or Linux versions of Netscape, as an
alternative to the FreeBSD native version).  The potential impact of
the vulnerabilities to the local environment may be deemed not
sufficiently great to warrant this approach, however.

XFree86-aoutlibs port $B$N=$@5$O$^$@40N;$7$F$$$J$$$?$a(B,
$B8=;~E@$G$O(B port/package $B$r:o=|$7(B, $B0MB8$7$F$$$k%=%U%H%&%'%"(B
$B$9$Y$F$r(B ELF $B%i%$%V%i%j$r;H$C$F:F9=C[$9$k$+(B, $B$b$7$/$O(B
$BMxMQ2DG=$J$i$P(B, $B$=$N%=%U%H%&%'%"$N(B ELF $BHG$K@Z$jBX$($k(B
($B$?$H$($P(B, BSD/OS $B$d(B Linux $BHG$N(B Netscape $B$r(B FreeBSD $BHG(B
Netscape $B$NBe$o$j$KMxMQ$9$k(B) $B0J30$K2r7hJ}K!$O$"$j$^$;$s(B.
$B$7$+$7(B, $B$3$NLdBj$,%m!<%+%k$N4D6-$K5Z$\$91F6A$r9M$($k$H(B,
$BI,$:$3$&$7$J$1$l$P$J$i$J$$(B, $B$H$$$&6/$$M}M3$O$J$$$H;W$o$l$^$9(B.

3) download a new port skeleton for the XFree86-3.3.6 port from:
3) XFree86-3.3.6 $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i(B
   $B%@%&%s%m!<%I$7(B, $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
4) Use the portcheckout utility, which performs the operation in (3)
   above automatically.  The portcheckout port is in
   /usr/ports/devel/portcheckout.  The portcheckout package is also
   available from the following locations.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:07,v 1.1 2001/01/27 06:05:14 hrs Exp $

----Next_Part(Sat_Jan_27_15:12:46_2001_571)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:08"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:08 (2001-01-23)
 * ipfw/ip6fw allows bypassing of 'established' keyword
=============================================================================

 This mail is a Japanese translation of the following message, which was
 distributed on announce-jp:

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-01:08.ipfw
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Tue, 23 Jan 2001 13:08:23 -0800 (PST)
  Message-Id: <20010123210823.349E837B402@hub.freebsd.org>
  X-Sequence: announce-jp 671

 The original text is PGP-signed, but this Japanese translation is not.
 To check the PGP signature in order to confirm that the patches and
 other content have not been tampered with, refer to the original text.

 For details on the Japanese translation and on using mirror sites, see
 "A. About the Japanese edition of FreeBSD Security Advisories" at the
 end of this document.


                                     [Translator: Hiroki Sato <hrs@jp.FreeBSD.org>]
--(begin)
=============================================================================
FreeBSD-SA-01:08                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	ipfw/ip6fw allows bypassing of 'established' keyword

$BJ,N`(B:		core
$B%b%8%e!<%k(B:	kernel
$B9pCNF|(B:		2001-01-23
$B%/%l%8%C%H(B:	Aragon Gouveia <aragon@phat.za.net>
$B1F6AHO0O(B:	FreeBSD 3.x ($BA4%j%j!<%9(B),
                FreeBSD 4.x ($BA4%j%j!<%9(B),
                $B=$@5F|0JA0$N(B FreeBSD 3.5-STABLE $B$*$h$S(B 4.2-STABLE
$B=$@5F|(B:		2001-01-09 (FreeBSD 4.2-STABLE)
		2001-01-12 (FreeBSD 3.5-STABLE)
FreeBSD $B$K8GM-$+(B:	Yes


I.   $BGX7J(B - Background

ipfw is a system facility which allows IP packet filtering,
redirecting, and traffic accounting.  ip6fw is the corresponding
utility for IPv6 networks, included in FreeBSD 4.0 and above.  It is
based on an old version of ipfw and does not contain as many features.

ipfw $B$O(B, IP $B%Q%1%C%H$N%U%#%k%?%j%s%0(B, $B%j%@%$%l%/%H(B, $B%H%i%U%#%C%/2]6b$r(B
$B<B8=$9$k$?$a$N%7%9%F%`5!G=$N0l$D$G$9(B.  ip6fw $B$O(B IPv6 $B%M%C%H%o!<%/$KBP1~$7$?(B
$B%f!<%F%#%j%F%#$G(B, FreeBSD 4.0 $B$H$=$l0J9_$K4^$^$l$F$$$^$9(B.
$B$?$@$78e<T$O8E$$%P!<%8%g%s$N(B ipfw $B$r85$K$7$F$*$j(B, $B$"$^$jB?$/$N5!G=$O(B
$B;}$C$F$$$^$;$s(B.


II.  $BLdBj$N>\:Y(B - Problem Description

Due to overloading of the TCP reserved flags field, ipfw and ip6fw
incorrectly treat all TCP packets with the ECE flag set as being part
of an established TCP connection, which will therefore match a
corresponding ipfw rule containing the 'established' qualifier, even
if the packet is not part of an established connection.

ipfw $B$*$h$S(B ip6fw $B$O(B, ECE $B%U%i%0$N%;%C%H$5$l$?$9$Y$F$N%Q%1%C%H$r(B
TCP $B@\B3$r3NN)$7$h$&$H$9$k%Q%1%C%H$N0l$D$H$7$F07$$$^$9(B.  
$B$3$l$O(B TCP $BM=Ls%U%i%0%U%#!<%k%I$N%*!<%P%m!<%I$,860x$G$9(B.
$B$=$N$?$a(B, $B$=$l$i$OK\Mh(B TCP $B@\B3$r3NN)$7$h$&$H$9$k%Q%1%C%H$G$J$$$K$b(B
$B4X$o$i$:(B, 'established' $B=$>~;R$,IU$$$?(B ipfw $B%k!<%k$KIT@5$K(B
$B%^%C%A$7$F$7$^$$$^$9(B.

The ECE flag is not believed to be in common use on the Internet at
present, but is part of an experimental extension to TCP for
congestion notification.  At least one other major operating system
will emit TCP packets with the ECE flag set under certain operating
conditions.

ECE $B%U%i%0$O8=;~E@$K$*$$$F(B, $B%$%s%?!<%M%C%H>e$G9-$/;H$o$l$F$$$k$b$N$G$O(B
$B$J$$$H9M$($i$l$F$$$^$9(B.  $B$3$l$OmUmTDLCN$N$?$a$K(B TCP $B$K2C$($i$l$?(B
$B<B83E*$J3HD%5!G=$N0l$D$G$9(B.  $B$7$+$7(B, $BB>$NM-L>$J%*%Z%l!<%F%#%s%0%7%9%F%`$N(B
$B0l$D$O>/$J$/$H$b(B, $B$3$N(B ECE $B%U%i%0$N$D$$$?%Q%1%C%H$rFCDj$N>r7o2<$G(B
$B=PNO$9$k$3$H$,3NG'$5$l$F$$$^$9(B.

Only systems which have enabled ipfw or ip6fw and use a ruleset
containing TCP rules which make use of the 'established' qualifier,
such as "allow tcp from any to any established", are vulnerable.  The
exact impact of the vulnerability on such systems is undetermined and
depends on the exact ruleset in use.

$B$7$?$,$C$F(B, $B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$,B8:_$9$k$N$O(B,
ipfw $B$b$7$/$O(B ip6fw $B$,M-8z2=$5$l(B, 'established' $B=$>~;R$rMxMQ$7$?(B,
$B$?$H$($P(B "allow tcp from any to any established" $B$H$$$&$h$&$J(B
TCP $B%k!<%k$r4^$`%k!<%k%;%C%H$r;H$C$F$$$k%7%9%F%`$K8B$i$l$^$9(B.
$B$3$N<eE@$K$h$k1F6AHO0O$r0lHLE*$KFCDj$9$k$3$H$O$G$-$^$;$s(B.
$B$=$l$i$O(B, $B;H$o$l$F$$$k%k!<%k%;%C%H$K$b0MB8$9$k$?$a$G$9(B.

All released versions of FreeBSD prior to the correction date
including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable, but it was
corrected prior to the (future) release of FreeBSD 4.3.

FreeBSD 3.5.1 $B$*$h$S(B FreeBSD 4.2 $B$r4^$`(B, $B=$@5F|0JA0$N$9$Y$F$N(B
FreeBSD $B%j%j!<%9$,(B, $B$3$N%;%-%e%j%F%#>e$N<eE@$N1F6A$r<u$1$^$9(B.
$B$3$NLdBj$O(B, ($B>-Mh%j%j!<%9$5$l$k(B) FreeBSD 4.3 $B$N8x3+A0$K=$@5$5$l$^$7$?(B.

III. $B1F6AHO0O(B - Impact

Remote attackers who construct TCP packets with the ECE flag set may
bypass certain ipfw rules, allowing them to potentially circumvent
the firewall.

A remote attacker can pass certain ipfw rules by using TCP packets
with the ECE flag set.  This may make it possible to render the
firewall ineffective.


IV.  $B2sHrJ}K!(B - Workaround

Because the vulnerability only affects 'established' rules and ECE-
flagged TCP packets, this vulnerability can be removed by adjusting
the system's rulesets.  In general, it is possible to express most
'established' rules in terms of a general TCP rule (with no TCP flag
qualifications) and a 'setup' rule, but may require some restructuring
and renumbering of the ruleset.

The security vulnerability from this problem affects only
'established' rules and TCP packets with the ECE flag set.  It can
therefore be avoided by adjusting the system's rulesets.
In general, most 'established' rules can be written using an ordinary
TCP rule (with no TCP flag qualifiers) and a 'setup' rule.
In that case, however, structural changes to the ruleset and
renumbering may become necessary.


V.   $B2r7h:v(B - Solution

One of the following:
Follow one of the following.

1) Upgrade the vulnerable FreeBSD system to FreeBSD 3.5-STABLE, or
4.2-STABLE after the correction date.
1) Upgrade the vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE
   dated after the correction date.

2) Patch your present system by downloading the relevant patch from the
below location:
2) Apply the patch found at the following location to the system
   currently in use and rebuild the system.

[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-4.x.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-4.x.patch.asc

[FreeBSD 3.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-3.x.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-3.x.patch.asc

Verify the detached PGP signature using your PGP utility.
PGP $B%f!<%F%#%j%F%#$r;H$C$F(B PGP $B=pL>$r3NG'$7$^$9(B.

Execute the following commands as root:
root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9(B.

# cd /usr/src
# patch -p < /path/to/patch
# cp /usr/src/sys/netinet/tcp.h /usr/src/sys/netinet/ip_fw.h /usr/include/netinet/
# cd /usr/src/sbin/ipfw
# make depend && make all install
# cd /usr/src/sys/modules/ipfw
# make depend && make all install

For 4.x systems, perform the following additional steps:
4.x $B%7%9%F%`$N>l9g$O(B, $B>e$K2C$($F<!$N<j=g$r9T$J$$$^$9(B.

# cp /usr/src/sys/netinet6/ip6_fw.h /usr/include/netinet6/
# cd /usr/src/sbin/ip6fw
# make depend && make all install
# cd /usr/src/sys/modules/ip6fw
# make depend && make all install

NOTE: The ip6fw patches have not yet been tested but are believed to
be correct.  The ip6fw software is not currently maintained and may be
removed in a future release.

$BCm0U(B: ip6fw $B$N=$@5%Q%C%A$O$^$@;n83$5$l$F$$$^$;$s$,(B,
      $B=$@5$O@5$7$$$b$N$G$"$k$H9M$($i$l$F$$$^$9(B.  ip6fw $B$O(B
      $B8=:_J]<i$5$l$F$*$i$:(B, $B>-Mh$N%j%j!<%9$G$O:o=|$5$l$kM=Dj$G$9(B.

If the system is using the ipfw or ip6fw kernel modules (see
kldstat(8)), the module may be unloaded and the corrected module
loaded into the kernel using kldload(8)/kldunload(8).  This will
require that the firewall rules be reloaded, usually by executing the
/etc/rc.firewall script.  Because the loading of the ipfw or ip6fw
module will result in the system denying all packets by default, this
should only be attempted when accessing the system via console or by
careful use of a command such as:

If the system uses the ipfw or ip6fw kernel module (see kldstat(8)),
the module can be removed from the kernel and the corrected module
loaded by using kldload(8)/kldunload(8).  When doing so, the firewall
rules, which are normally loaded by the /etc/rc.firewall script, must
be reloaded explicitly.  Note that when the ipfw or ip6fw module is
loaded, the system is set to deny all packets by default.  This work
should therefore be done only while accessing the system via the
console, or by running, with the greatest care, a command such as the
following:

# kldload ipfw && sh /etc/rc.firewall

which performs both operations sequentially.

The command above loads the kernel module and reloads the firewall
rules, in that order.

Otherwise, if the system has ipfw or ip6fw compiled into the kernel,
the kernel will also have to be recompiled and installed, and the
system will have to be rebooted for the changes to take effect.

$B$^$?(B, ipfw $B$b$7$/$O(B ip6fw $B$,%7%9%F%`$N%+!<%M%k$K%3%s%Q%$%k$5$l$F$$$k(B
$B>l9g(B, $B=$@5$rM-8z2=$5$;$k$?$a$K%+!<%M%k$N:F9=C[(B, $B:F%$%s%9%H!<%k(B, $B$*$h$S(B
$B%7%9%F%`$N:F5/F0$,I,MW$K$J$j$^$9(B.


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:08,v 1.1 2001/01/27 06:05:14 hrs Exp $
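
The misclassification described in the Problem Description of FreeBSD-SA-01:08, as an added example that is not part of the original mail, the advisory or the FreeBSD sources: a simplified C model in which the marker for the 'established' qualifier shares a bit with the ECE header flag, next to a variant that keeps the qualifier in its own field. The struct layouts, the function names and the marker value RULE_ESTAB_MARK are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits.  ECE (0x40) occupies what used to be a
 * reserved bit of the flags byte. */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_ACK  0x10
#define TH_ECE  0x40

/* ASSUMPTION (illustrative model, not FreeBSD source): the rule stores
 * "flags that must be set" in one byte and reuses a once-reserved bit
 * of that byte as an internal marker for the 'established' qualifier. */
#define RULE_ESTAB_MARK 0x40    /* collides with TH_ECE */

struct rule_overloaded {
    uint8_t must_set;    /* header flags required, plus RULE_ESTAB_MARK */
    uint8_t must_clear;  /* header flags that must be absent */
};

struct rule_separate {
    uint8_t must_set;
    uint8_t must_clear;
    int     established; /* qualifier kept out of the header-flag mask */
};

/* Overloaded design: the marker is never masked out before the generic
 * comparison, so it is compared against the packet's real ECE bit. */
int match_overloaded(const struct rule_overloaded *r, uint8_t th_flags)
{
    if ((r->must_set & RULE_ESTAB_MARK) && (th_flags & (TH_RST | TH_ACK)))
        return 1;                       /* intended 'established' test */
    if ((th_flags & r->must_set) != r->must_set)
        return 0;
    if (th_flags & r->must_clear)
        return 0;
    return 1;                           /* ECE alone satisfied the marker */
}

/* Separate field: 'established' depends only on RST/ACK. */
int match_separate(const struct rule_separate *r, uint8_t th_flags)
{
    if (r->established && !(th_flags & (TH_RST | TH_ACK)))
        return 0;
    if ((th_flags & r->must_set) != r->must_set)
        return 0;
    if (th_flags & r->must_clear)
        return 0;
    return 1;
}

/* Convenience wrappers for a bare "... established" rule. */
int established_overloaded(uint8_t th_flags)
{
    struct rule_overloaded r = { RULE_ESTAB_MARK, 0 };
    return match_overloaded(&r, th_flags);
}

int established_separate(uint8_t th_flags)
{
    struct rule_separate r = { 0, 0, 1 };
    return match_separate(&r, th_flags);
}

int main(void)
{
    /* Constructed sample flag bytes, not captured traffic. */
    static const struct { const char *name; uint8_t flags; } pkts[] = {
        { "SYN",     TH_SYN },
        { "SYN+ECE", TH_SYN | TH_ECE },
        { "ACK",     TH_ACK },
        { "ACK+ECE", TH_ACK | TH_ECE },
        { "RST",     TH_RST },
    };
    size_t i;

    printf("%-8s %-10s %s\n", "flags", "overloaded", "separate");
    for (i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++)
        printf("%-8s %-10d %d\n", pkts[i].name,
               established_overloaded(pkts[i].flags),
               established_separate(pkts[i].flags));
    return 0;
}
```

Only the SYN+ECE row differs between the two columns, which is the case a ruleset audit for 'established' rules should keep in mind on unpatched systems.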

----Next_Part(Sat_Jan_27_15:12:46_2001_571)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:09"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:09 (2001-01-25)
 * crontab allows users to read certain files [REVISED]
=============================================================================

 This mail is a Japanese translation of the following message, which was
 distributed on announce-jp:

  Subject: FreeBSD Security Advisory: FreeBSD-SA-01:09.crontab [REVISED]
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Thu, 25 Jan 2001 13:01:37 -0800 (PST)
  Message-Id: <200101252101.f0PL1bs78217@freefall.freebsd.org>
  X-Sequence: announce-jp 672

 The original text is PGP-signed, but this Japanese translation is not.
 To check the PGP signature in order to confirm that the patches and
 other content have not been tampered with, refer to the original text.

 For details on the Japanese translation and on using mirror sites, see
 "A. About the Japanese edition of FreeBSD Security Advisories" at the
 end of this document.


                                     [Translator: Hiroki Sato <hrs@jp.FreeBSD.org>]
--(begin)
=============================================================================
FreeBSD-SA-01:09                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	crontab allows users to read certain files [REVISED]

$BJ,N`(B:		core
$B%b%8%e!<%k(B:	crontab
$B9pCNF|(B:		2001-01-23
$B2~D{F|(B:		2001-01-25
$B%/%l%8%C%H(B:	Kyong-won Cho <dubhe@HACKERSLAB.COM>
		$B=$@5%Q%C%ADs6!(B: OpenBSD (Todd Miller <millert@openbsd.org>)
$B1F6AHO0O(B:	FreeBSD 3.x ($BA4%j%j!<%9(B),
                FreeBSD 4.x (4.2 $B$h$jA0$NA4%j%j!<%9(B)
                $B=$@5F|0JA0$N(B FreeBSD 3.5.1-STABLE $B$*$h$S(B 4.1.1-STABLE
$B=$@5F|(B:		2000-11-11 (FreeBSD 4.1.1-STABLE)
		2000-11-20 (FreeBSD 3.5.1-STABLE)
FreeBSD $B$K8GM-$+(B:	No

0.   $B2~D{MzNr(B - Revision History

v1.0  2001-01-23  $B=iHG8x3+(B
v1.1  2001-01-25  Update to credit OpenBSD as source of patch
                  $B=$@5%Q%C%A$NDs6!85$G$"$k(B OpenBSD $B$N%/%l%8%C%H$r99?7(B


I.   $BGX7J(B - Background

crontab(8) is a program to edit crontab(5) files for use by the cron
daemon, which schedules jobs to run at specified times.

crontab(8) $B$O(B, $BFCDj$N;~4V$K<B9T$9$k$h$&$K%8%g%V$r%9%1%8%e!<%k$9$k(B
cron $B%G!<%b%sMQ$N(B crontab(5) $B%U%!%$%k$rJT=8$9$k%W%m%0%i%`$G$9(B.


II.  $BLdBj$N>\:Y(B - Problem Description

crontab(8) was discovered to contain a vulnerability that may allow
local users to read any file on the system that conform to a valid
crontab(5) file syntax.  Due to crontab(5) syntax requirements, the
files that may be read is limited and subject to the following
restrictions:

crontab(8) $B$K$O(B, $B%m!<%+%k%f!<%6$,%7%9%F%`>e$K$"$k(B crontab(5) $B$N(B
$BJ8K!$KB'$C$?7A<0$r;}$D(B, $B$9$Y$F$N%U%!%$%k$rFI$`$3$H$,$G$-$k$H$$$&(B
$B%;%-%e%j%F%#>e$N<eE@$,H/8+$5$l$F$$$^$9(B.  $BFI$`$3$H$N$G$-$k%U%!%$%k$O(B
crontab(5) $BJ8K!$KB'$kI,MW$,$"$j(B, $B<!$N$h$&$J$b$N$K8B$i$l$^$9(B.

* The file is a valid crontab(5) file, or:
* The file is entirely commented out; every line contains either only
  whitespace, or begins with a '#' character.

The greatest security vulnerability is the disclosure of crontab
entries owned by other users, which may contain sensitive data such as
keying material (although this would often be publicly disclosed
anyway at the time when the crontab job executes, via process
arguments and environment, etc).

All released versions of FreeBSD prior to the correction date
including FreeBSD 4.1.1 are vulnerable to this problem.  The problem
was corrected prior to the release of FreeBSD 4.2.


III. $B1F6AHO0O(B - Impact

Malicious local users can read arbitrary local files that conform to
a valid crontab file syntax.

$B0-0U$r;}$C$?%m!<%+%k%f!<%6$O(B, $BM-8z$J(B crontab $BJ8K!$KB'$C$?(B
$BG$0U$N%m!<%+%k%U%!%$%k$rFI$`$3$H$,2DG=$G$9(B.


IV.  $B2sHrJ}K!(B - Workaround

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Utilize crontab allow/deny files (/var/cron/allow and
/var/cron/deny) to limit access to use the crontab(8) utility.
1) crontab $B$N(B $B5v2D(B/$B5qH](B (allow/deny) $B%U%!%$%k(B (/var/cron/allow
   $B$*$h$S(B /var/cron/deny) $B$r;H$C$F(B cronrab(8) $B%f!<%F%#%j%F%#$K(B
   $B;HMQ@)8B$r@_$1$^$9(B.

2) Remove the setuid privileges from /usr/sbin/crontab.  However, this
will not allow users other than root to use cron.
2) /usr/sbin/crontab $B$+$i(B setuid $B8"8B$r<h$j=|$-$^$9(B.
   $B$?$@$7(B, $B$3$&$9$k$H(B root $B%f!<%60J30$N%f!<%6$O(B cron $B$r(B
   $B;H$&$3$H$,$G$-$J$/$J$j$^$9(B.


V.   $B2r7h:v(B - Solution

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

Upgrade the vulnerable FreeBSD system to 3.5-STABLE or 4.1.1-STABLE
after the correction date.
1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r=$@5F|0J9_$N(B 3.5-STABLE $B$b$7$/$O(B
4.1.1-STABLE $B$K%"%C%W%0%l!<%I$7$^$9(B.

To patch your present system: download the relavent patch from the
below location and execute the following commands as root:
2) $B0J2<$N>l=j$K$"$k=$@5%Q%C%A$r8=:_MxMQCf$N%7%9%F%`$KE,MQ$7$F(B,
   root $B8"8B$G0J2<$N%3%^%s%I$r<B9T$7$^$9(B.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch.asc

Verify the detached PGP signature using your PGP utility.
PGP $B%f!<%F%#%j%F%#$r;H$C$F(B PGP $B=pL>$r3NG'$7$^$9(B.

# cd /usr/src/usr.sbin/cron/crontab
# patch -p < /path/to/patch
# make depend && make all install


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:09,v 1.1 2001/01/27 06:05:14 hrs Exp $

----Next_Part(Sat_Jan_27_15:12:46_2001_571)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:10"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:10 (2001-01-23)
 * bind remote denial of service
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-01:10.bind
  From: Koga Youichirou <y-koga@jp.freebsd.org>
  Date: Fri, 26 Jan 2001 10:28:47 +0900 (JST)
  Message-Id: <200101260128.f0Q1Smd46112@koga.do.mms.mt.nec.co.jp>
  X-Sequence: announce-jp 674

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

  [$BCm(B] $B%a!<%kG[Aw>c32$K$h$j(B, FreeBSD-announce $B$X$NG[Aw$O9T$J$o$l$F$$$^$;$s(B.
       $B%*%j%8%J%kJ8=q$N%X%C%@>pJs$O0J2<$N$H$*$j$G$9(B.

    | Subject: FreeBSD Security Advisory: FreeBSD-SA-01:10.bind
    | From: FreeBSD Security Advisories <security-advisories@FREEBSD.ORG>
    | Date: Tue, 23 Jan 2001 13:22:52 -0800
    | Message-Id: <20010123212252.99AD937B69C@hub.freebsd.org>

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-01:10                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	bind remote denial of service

$BJ,N`(B:		core, ports
$B%b%8%e!<%k(B:	bind
$B9pCNF|(B:		2001-01-23
$B%/%l%8%C%H(B:	Fabio Pietrosanti <fabio@TELEMAIL.IT>
$B1F6AHO0O(B:	$B=$@5F|0JA0$N(B FreeBSD 3.x
		$B=$@5F|0JA0$N(B Ports Collection
$B=$@5F|(B:		2000-11-27 (FreeBSD 3.5-STABLE)
		2001-01-05 (Ports Collection)
$B%Y%s%@$NBP1~(B:	$B=$@5HG$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO


I.   $BGX7J(B - Background

bind is an implementation of the Domain Name System (DNS) protocols.

bind $B$O%I%a%$%s%M!<%`%7%9%F%`(B (DNS) $B%W%m%H%3%k$N<BAu$N0l$D$G$9(B.


II.  $BLdBj$N>\:Y(B - Problem Description

A vulnerability exists with the bind nameserver dealing with
compressed zone transfers.  Due to a problem with the compressed zone
transfer (ZXFR) implementation, if named is configured for zone
transfers and recursive resolving, it will crash after a ZXFR for the
authoritative zone and a query of a remote hostname.  Since named is
not configured under a watchdog process which will automatically
restart it after a failure, this will lead to the denial of DNS
service on the server.

bind $B%M!<%`%5!<%P$K$O(B, $B05=L%>!<%sE>Aw$N=hM}ItJ,$K%;%-%e%j%F%#>e$N(B
$B<eE@$,B8:_$7$^$9(B.  $B05=L%>!<%sE>Aw(B (ZXFR) $B$N<BAu$KLdBj$,$"$j(B,
named $B$,%>!<%sE>Aw$H:F5"Ld$$9g$o$;$r9T$J$&$h$&$K@_Dj$5$l$F$$$k$H(B,
$B8"0R$r;}$C$?%>!<%s(B (authoritative zone) $B$X$N(B ZXFR $B$r9T$J$C$F(B
$B%j%b!<%H%[%9%HL>$NLd$$9g$o$;$r9T$J$C$?8e(B, named $B$,%/%i%C%7%e$7$^$9(B.
named $B$K$O(B, $B<+?H$,5!G=$7$J$/$J$C$?;~$K<+F0E*$K:F5/F0$r9T$J$&(B
$B4F;k%W%m%;%9$,@_Dj$5$l$F$$$J$$$?$a(B, $B$3$l$O%5!<%S%9K832967b(B (DoS) $B$K(B
$BMxMQ$5$l$k2DG=@-$,$"$j$^$9(B.

All versions of FreeBSD 3.x prior to the correction date including
3.5.1-RELEASE are vulnerable to this problem.  In addition, the bind8
port in the ports collection is also vulnerable.  FreeBSD 4.x is not
affected since it contains versions of BIND 8.2.3.


III. $B1F6AHO0O(B - Impact

Malicious remote users can cause the named daemon to crash, if it is
configured to allow zone transfers and recursive queries.

$B0-0U$r;}$C$?%j%b!<%H%f!<%6$O(B, $B%>!<%sE>Aw$H:F5"Ld$$9g$o$;$r(B
$B9T$J$&$h$&$K@_Dj$5$l$F$$$k(B named $B%G!<%b%s$r%/%i%C%7%e$5$;$k$3$H$,2DG=$G$9(B.


IV.  $B2sHrJ}K!(B - Workaround

A partial workaround can be implemented by disallowing zone transfers
except from trusted hosts. Note that if the trusted hosts are
compromised or contain malicious users, name servers with this bug
will be vulnerable to the denial of service attack.

$B1F6A$r0lIt$G$9$,(B, $B?.Mj$G$-$J$$%[%9%H$+$i$N%>!<%sE>Aw$r(B
$BL58z2=$9$k$3$H$G2sHr$9$k$3$H$,2DG=$G$9(B.  $B$?$@$7?.Mj$G$-$k%[%9%H$,(B
$B?/F~$r<u$1$?$j(B, $B$=$3$K0-0U$r;}$C$?%f!<%6$,$$$?>l9g(B,
$B$3$N%P%0$rMxMQ$7$?%5!<%S%9K832967b$r2sHr$9$k$3$H$O$G$-$J$$$3$H$K(B
$BCm0U$7$F$/$@$5$$(B.


V.   $B2r7h:v(B - Solution

[Base system]
[$B%Y!<%9%7%9%F%`(B]

Upgrade your vulnerable FreeBSD system to 3.5.1-STABLE after the
correction date.
$B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r=$@5F|0J9_$N(B 3.5.1-STABLE $B$K(B
$B%"%C%W%0%l!<%I$7$^$9(B.

[Ports Collection]

If you have chosen to install BIND from the ports collection and are
using it instead of the version in the base system, perform one of the
following steps:

1) Upgrade your entire ports collection and rebuild the bind8 port.

2) Deinstall the old package (translator's note: the bind8 package) and
install a new package dated after the correction date, obtained from:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/bind-8.2.2p7.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/bind-8.2.2p7.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/bind-8.2.2p7.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

3) Download a new port skeleton for the bind8 port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:10,v 1.1 2001/01/27 06:05:14 hrs Exp $

----Next_Part(Sat_Jan_27_15:12:46_2001_571)----
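
The workaround in FreeBSD-SA-01:10 (disallow zone transfers except from trusted hosts) can be checked against a server's configuration. The Python below is an added example, not part of the advisory or of this mail: it reports master/slave zones in named.conf text whose transfers are unrestricted and whether recursion is on, the two conditions the advisory names. It assumes BIND 8 defaults (transfers allowed to any host and recursion enabled when unset); the function names and SAMPLE are hypothetical, and quoted strings containing braces or comment markers are not handled.

```python
import re

def strip_comments(text):
    """Drop the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def top_level_blocks(text):
    """Yield (header_words, body) for each top-level `header { body };`."""
    depth, stmt_start, body_start, header = 0, 0, 0, []
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[stmt_start:i].split(), i + 1
            depth += 1
        elif ch == "}" and depth > 0:
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            stmt_start = i + 1

def transfer_acl(body):
    """Return the allow-transfer address list in a block, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{([^{}]*)\}", body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf_text):
    """Report zones with unrestricted transfers and whether recursion is on."""
    # Assumption: BIND 8 defaults, i.e. transfers to any host and recursion yes.
    global_acl, recursion, zones = None, True, []
    for header, body in top_level_blocks(strip_comments(conf_text)):
        if not header:
            continue
        if header[0] == "options":
            global_acl = transfer_acl(body)
            recursion = not re.search(r"\brecursion\s+no\s*;", body)
        elif (header[0] == "zone" and len(header) > 1
              and re.search(r"\btype\s+(master|slave)\s*;", body)):
            zones.append((header[1].strip('"'), transfer_acl(body)))
    open_zones = []
    for name, acl in zones:
        # A zone-level allow-transfer overrides the one in options.
        effective = acl if acl is not None else global_acl
        if effective is None or "any" in effective:
            open_zones.append(name)
    return {"recursion": recursion, "open_transfer_zones": open_zones,
            "at_risk": recursion and bool(open_zones)}

# Constructed sample configuration (not taken from the advisory).
SAMPLE = '''
options { directory "/etc/namedb"; };   // recursion left at its default
acl "trusted" { 192.0.2.53; };
zone "example.org" { type master; file "example.org.db"; };
zone "example.net" { type master; file "example.net.db";
                     allow-transfer { "trusted"; }; };
zone "." { type hint; file "named.root"; };
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A zone listed under open_transfer_zones on a server with recursion enabled matches the configuration the advisory describes; restricting allow-transfer is only the partial workaround, and the upgrade in section V remains the fix.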
